Info Security Engineer 5 - Application Incident Response & Research

Company: Wells Fargo
Location: Charlotte
Posted on: May 19, 2019

Job Description:

Job Description
At Wells Fargo, we have one goal: to satisfy our customers'
financial needs and help them achieve their dreams. We're looking
for talented people who will put our customers at the center of
everything we do. Join our diverse and inclusive team where you'll
feel valued and inspired to contribute your unique skills and
experience. Help us build a better Wells Fargo. It all begins with
outstanding talent. It all begins with you. Enterprise Finance &
Information Technology offers technology and services that exceed
Wells Fargo customers' expectations and directly enable them to
succeed financially. We interact with customers more than 12
billion times a year through in-store, online, ATM, and telephone
transactions. We impact customers directly, through systems
availability and security, as well as indirectly, through our
business partners who offer and deliver a myriad of products and
services that meet customers' financial needs. We provide a
competitive advantage for the company through excellence in
fundamentals, integrated partnerships, and our talented and engaged
team members.The engineer will be responsible for providing
thorough and accurate research of application security risks in
their research of 0day vulnerabilities and application incidents.
The engineer will play a major role in application incident
response activities, including developing indicators of compromise,
exploit signatures, and patch analysis requiring regular
collaboration with various defensive and offensive teams within the
organization. Performs application security incident response and
vulnerability research activities and technical investigations of
application security related incidents. Partners with senior level
engineers to identify security vulnerabilities and respond to
incidents. Acts as professional ethical penetration tester
utilizing hacking tools to modify or create proof of concept
exploits that mimic techniques of attackers to identify
vulnerabilities and associate with a severity rating by deriving
impact and ease of exploit.Performs security risk assessments to
ensure compliance with corporate information security policies and
adherence to best practices. Conducts research, analysis, testing
and implementation of complex web applications and firmware
vulnerabilities. Identifies security vulnerabilities for the
company's, application systems, application dependencies, including
hardware infrastructure and emerging technologies to improve the
enterprise information security posture. Communicates to the line
of business, CIO areas, and relevant third parties on the inherent
risks, providing meaningful hardening and mitigation strategies.
Provides guidance and leadership to Information Security Engineers
and acts as a mentor for these engineers interested in penetration
testing and offensive security. This position is a part of the
Cyber Threat Management - Application Incident Response and
Research team.Responsibilities include:

Incident management for 0day application vulnerabilities

Creation of 0day identification tools

Identification of 0day application vulnerabilities

Conducting web-based application penetration tests

Source code audits

Hands-on technical security evaluations and
implementations

Developing custom penetration testing techniques and
tools.

Install, configure, use and maintain testing tools as well as
vulnerable applications/environments

Stay up to speed on 3rd party (inside and outside Wells Fargo)
known security vulnerabilities

Develop and review malicious use cases/threat models

Maintain a broad understanding of security technologies and
products

Actively participate on improving the security culture and
education throughout the organization.

Required Qualifications

7+ years of information security applications and systems
experience

2+ years of experience creating proof of concepts, creating
exploits, or a combination of both

2+ years of experience in one or a combination of the
following: Java, .net MVC via application development, exploit
development via an interactive testing model or a source code
vulnerability analysis model.

All offers for employment with Wells Fargo are contingent upon the
candidate having successfully completed a criminal background
check. Wells Fargo will consider qualified candidates with criminal
histories in a manner consistent with the requirements of
applicable local, state and Federal law, including Section 19 of
the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and
transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity
Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual
Orientation.

Firmware Development Engineer - CharlotteDescription: We are currently seeking an experienced Firmware Development Engineer to join our team in our Charlotte NC 28273 location.-- -- Who We Are : LS Energy Solutions is an affiliate of LSIS, Korea's major (more...)Company: LS Energy Solutions LLCLocation: CharlottePosted on: 05/26/2019